package jdbc;

import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;

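/**
 * JDBC lookup demo: checks whether a row with a given id and name exists in the
 * {@code location} table.
 *
 * <p>The name value used here contains a single quote and an {@code OR} clause. If such a
 * value is concatenated into the SQL text, it becomes part of the statement's structure and
 * the WHERE clause no longer means what the author wrote. Calling
 * {@code prepareStatement} on an already-concatenated string does not help: the driver only
 * treats values as data when they are supplied through {@code ?} placeholders and the
 * {@code setXxx} methods, which is what this class does.
 */
public class TestSelect2 {

    /**
     * Connects to the local MySQL database, runs the parameterized lookup and prints whether
     * a matching row exists.
     *
     * @param args unused
     * @throws Exception if the driver class cannot be loaded or any JDBC call fails
     */
    public static void main(String[] args) throws Exception{
        Class.forName("com.mysql.jdbc.Driver");
        String url = "jdbc:mysql://localhost:3306/tedu?useUnicode=true&characterEncoding=utf8";
        // NOTE(review): hard-coded root/root credentials are acceptable only for a local
        // throwaway database. Real code should load credentials from configuration or a
        // secret store and connect with a least-privilege account (SELECT only here).
        String user = "root";
        String pwd = "root";

        int locationID=1;
        // A benign value would be "北京". The value below stands in for untrusted input
        // containing SQL metacharacters; with parameter binding it is compared as a plain
        // string and cannot alter the query.
        String locationName= "' OR '1'='1";

        // Placeholders keep the statement text constant; values are bound separately below.
        String sql="SELECT id,name FROM location WHERE id = ? AND name = ?";

        // try-with-resources closes the ResultSet, statement and connection in reverse
        // order even when a JDBC call throws, which the original explicit close() calls
        // did not guarantee.
        try (Connection conn = DriverManager.getConnection(url, user, pwd)) {
            System.out.println("连接成功~~");

            // Only the constant template is printed; bound values never become SQL text.
            System.out.println("sql = " + sql);
            try (PreparedStatement ps = conn.prepareStatement(sql)) {
                ps.setInt(1, locationID);
                ps.setString(2, locationName);
                try (ResultSet rs = ps.executeQuery()) {
                    System.out.println(rs.next() ? "记录存在!" : "记录不存在!");
                }
            }
        }
    }
}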
